Packet transmission method using proxy server and system thereof

ABSTRACT

A packet transmission method is disclosed herein. The packet transmission method includes the following operations. The first packet is transmitted to a first proxy server terminal by a first user terminal. A header of received first packet is changed to generate a first header, and the first packet with the first header is transmitted to a gateway terminal by the first proxy server terminal. The first header of the received first packet is changed to generate a second header, and the first packet with the second header is transmitted to a server terminal by the gateway terminal. The header of the first packet includes a source address field and a destination address field.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority to Taiwan Application Serial Number108128140, filed on Aug. 7, 2019, which is herein incorporated byreference in its entirety.

BACKGROUND Technical Field

The present disclosure relates to a network service technique, and moreparticularly, to a packet transmission method and system thereof.

Description of Related Art

With the rapid development of Infrastructure as a Service (IaaS) inrecent years, virtual machines (VMs) are often used to transfer packetsin real time to avoid interruption of network services and affectingreliability of network services. However, when the virtual machine isunder a malicious attack, data need to be transferred to another virtualmachine. At this time, the packet loss problem may occur due to thelarge amount of transmitted data or the long transmission distance.Therefore, how to solve the risks caused by the virtual machine whentransferring data, and to achieve real-time transfer of packets withoutaffecting the reliability of network services are problems to be solvedin the art.

SUMMARY

One aspect of the present disclosure is to provide a packet transmissionmethod for transmitting a first packet from a first user terminal to aserver terminal. The packet transmission method includes the followingoperations. The first packet is transmitted to a first proxy serverterminal by the first user terminal. A header of the received firstpacket is changed to generate a first header, and the first packet withthe first header is transmitted to a gateway terminal by the first proxyserver terminal. The first header of the received first packet ischanged to generate a second header, and the first packet with thesecond header is transmitted to the server terminal by the gatewayterminal, wherein the header of the first packet includes a sourceaddress field and a destination address field.

Another aspect of the present disclosure is to provide a packettransmission system which includes a first user terminal, a first proxyserver terminal, a gateway terminal, and a server terminal. The firstuser terminal is configured to transmit a first packet. The first proxyserver terminal is in communication with the first user terminal, andconfigured to receive the first packet, change the header of thereceived first packet to generate a first header, and transmit the firstpacket with the first header. The gateway terminal is in communicationwith the first proxy server terminal, and configured to receive thefirst packet with the first header, change the first header of thereceived first packet to generate a second header, and transmit thefirst packet with the second header. The server terminal is incommunication with the gateway terminal, and configured to receive thefirst packet with the second header, wherein the header of the firstpacket includes a source address field and a destination address field.

The packet transmission method and system of the present disclosuremainly improves the problems caused by the use of virtual machines totransfer packets in the past. When the packets are transmitted from theuser terminal to the server terminal, the proxy server terminal andgateway terminal are used to transfer the packets between the userterminal and the server terminal, so as to achieve real-time transferwithout causing network interruption. Furthermore, when the proxy serveris under a malicious attack, the connection can also be quicklyredirected to another proxy server, and there is no need to re-establishthe connection between the user terminal and the server terminal, so asto achieve the effect of enhancing the user network experience.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure can be more fully understood by reading thefollowing detailed description of the embodiment, with reference made tothe accompanying drawings as follows:

FIG. 1 illustrates a schematic diagram of a packet transmission systemaccording to some embodiments of the present disclosure.

FIG. 2 illustrates a flowchart of a packet transmission method accordingto some embodiments of the present disclosure.

FIG. 3A illustrates a schematic diagram of an operation of transmittinga packet according to some embodiments of the present disclosure.

FIG. 3B illustrates a schematic diagram of an operation of transmittinga packet according to some embodiments of the present disclosure.

FIG. 4 illustrates a flowchart of operations of a proxy server under anattack according to some embodiments of the present disclosure.

FIG. 5 illustrates a schematic diagram of an operation of transmitting apacket when an attack occurs according to some embodiments of thepresent disclosure.

FIG. 6 illustrates a flowchart of operations of a proxy server under anattack according to some embodiments of the present disclosure.

FIG. 7A illustrates a schematic diagram of an operation of transmittinga packet when an attack occurs according to some embodiments of thepresent disclosure.

FIG. 7B illustrates a schematic diagram of an operation of transmittinga packet when an attack occurs according to some embodiments of thepresent disclosure.

FIG. 8 illustrates a flowchart of operations of a proxy server under anattack according to some embodiments of the present disclosure.

FIG. 9 illustrates a schematic diagram of an operation of transmitting apacket when an attack occurs according to some embodiments of thepresent disclosure.

DETAILED DESCRIPTION

The following embodiments are disclosed with accompanying diagrams fordetailed description. For illustration clarity, many details of practiceare explained in the following descriptions. However, it should beunderstood that these details of practice do not intend to limit thepresent disclosure. That is, these details of practice are not necessaryin parts of embodiments of the present disclosure. Furthermore, forsimplifying the drawings, some of the conventional structures andelements are shown with schematic illustrations.

In the present disclosure, the term “coupled” may also be termed as“electrically coupled”, and the term “connected” may be termed as“electrically connected”. “Coupled” and “connected” may also be used toindicate that two or more elements cooperate or interact with eachother. Although the terms “first,” “second,” etc., may be used herein todescribe various elements, these terms are used to distinguish oneelement from another. Unless the context is clearly indicated, the termdoes not specifically refer to or imply the order, nor is intended tolimit the present disclosure.

Reference is made to FIG. 1 . FIG. 1 illustrates a schematic diagram ofa packet transmission system 100 according to some embodiments of thepresent disclosure. As shown in FIG. 1 , the packet transmission system100 includes a user terminal 110, a proxy server terminal 120, a router130, a gateway terminal 140, and a server terminal 150. The proxy server120 is in communication with the user terminal 110 and the router 130,the router 130 is in communication with the proxy server 120 and thegateway terminal 140, and the gateway terminal 140 is in communicationwith the router 130 and the server terminal 150.

As mentioned previously, when the user terminal 110 transmits the packetto the server 150, the proxy server terminal 120 redirects the packet tothe gateway 140 and the gateway terminal 140 then redirects the packetto the server terminal 150 so that real-time transfer without causingnetwork interruption is achieved. In each embodiment of the presentdisclosure, the user terminal 110 may be implemented as an electronicdevice with a network address translation (NAT) function.

Reference is made to FIG. 2 . FIG. 2 illustrates a flowchart of a packettransmission method 200 according to some embodiments of the presentdisclosure. In an embodiment, the packet transmission method 200 shownin FIG. 2 can be applied to the packet transmission system 100 in FIG. 1. The proxy server terminal 120 and the gateway terminal 140 areconfigured to transmit packets according to the following operationsdescribed in the packet transmission method 200 to achieve real-timetransfer without causing network interruption.

As shown in FIG. 2 , operation S210, in which the user terminal 110Atransmits a packet P1 to the proxy server terminal 120A, is performedfirst in the packet transmission method 200. In an embodiment, the userterminal 110A in the internal network is set to transmit the packet tothe server terminal 150. However, when the internal network istranslated into the external network through network address translation(NAT), the packet is redirected to the proxy server terminal 120. It isworth noting that the description of the internal network of the userterminal 110 is omitted in the present disclosure, and only theoperations of the user terminal 110 when connecting to the externalnetwork is explained. Therefore, the following description of the userterminal 110 can be regarded as an operation of the network addresstranslator.

As mentioned above, reference is made to FIG. 3A. FIG. 3A illustrates aschematic diagram of an operation of transmitting a packet according tosome embodiments of the present disclosure. As shown in FIG. 3A, theuser terminal 110A transmits the packet P1 to the proxy server terminal120A, and the header of the packet P1 includes the source address fieldand the destination address field. The source address field in theheader of the packet P1 sent by the user terminal 110 is the InternetProtocol (IP) address of the user terminal 110A, and the destinationaddress field therein is the IP address of the proxy server 120A. It isworth noting that the header of the packet P1 further includes otherfields, such as sequence number (SEQ), acknowledgment number (ACK), andso on, and the present disclosure is not limited thereto.

As mentioned above, operation S220, in which the proxy server terminal120A changes the header of the received packet P1 to generate a headerH1, is executed next in the packet transmission method 200. As shown inFIG. 3A, after receiving the packet P1, the proxy server terminal 120Achanges the source address field and the destination address field inthe header of the packet P1 to generate the header H1. The sourceaddress field in the header H1 is the IP address of the proxy serverterminal 120A, and the destination address field therein is the IPaddress of the gateway terminal 140.

As mentioned above, it is worth noting that when receiving the packettransmitted from the user terminal 110A, the proxy server terminal 120Adetermines whether the received packet is a SYN packet. If it is the SYNpacket, it means that the connection between the user terminal 110A andthe proxy server terminal 120A is established for the first time, andthe SYN packet is the initial packet transmitted during the three-wayhandshake. Therefore, when receiving the SYN packet, the proxy serverterminal 120A is configured to create a first routing table. In anembodiment, the first routing table includes the IP address of the userterminal 110A and the IP address of the proxy server terminal 120A.

As mentioned above, operation S230, in which the proxy server terminal120A transmits the packet P1 with the header H1 to the gateway terminal140, is performed next in the packet transmission method 200. In anembodiment, when the gateway terminal 140 receives the packettransmitted from the proxy server terminal 120A, the gateway terminal140 determines whether the received packet is the SYN packet. If it isthe SYN packet, it indicates that the proxy server terminal 120Aestablishes the connection with the gateway terminal 140 for the firsttime. The SYN packet is the initial packet transmitted during thethree-way handshake. Therefore, when receiving the SYN packet, thegateway terminal 140 is configured to create a second routing table. Inan embodiment, the second routing table includes the IP address of theuser terminal 110A and the IP address of the proxy server terminal 120A.

As mentioned above, operation S240, in which the gateway terminal 140changes the header H1 of the received packet P1 to generate a header H2,and transmits the packet P1 with the header H2 to the server terminal150, is performed next in the packet transmission method 200. In anembodiment, as shown in FIG. 3A, after receiving the packet P1, thegateway terminal 140 changes the source address field and thedestination address field in the header H1 of the packet P1 according tothe second routing table to generate the header H2. The source addressfield in the header H2 is the IP address of user terminal 110A, and thedestination address field therein is the IP address of server terminal150.

As mentioned above, the gateway terminal 140 transmits the packet P1with the header H2 to the server terminal 150. Since the source addressfield of the header H2 is changed by the gateway terminal 140 to be theIP address of the user terminal 110A, the server terminal 150 considersthe packet P1 to be the packet sent by the user terminal 110A.

As mentioned above, operation S250, in which the server terminal 150transmits the packet P2 to the gateway terminal 140, is performed nextin the packet transmission method 200. Reference is made to FIG. 3B.FIG. 3B illustrates a schematic diagram of an operation of transmittinga packet according to some embodiments of the present disclosure. Asshown in FIG. 3B, although the packet P2 is transmitted to the gatewayterminal 140 by the server terminal 150, in the setting of the header ofthe packet P2, the source address field is the IP address of the serverterminal 150 and the destination address field is the IP address of theuser terminal 110A. Accordingly, in fact, the packet P2 is transmittedto the user terminal 110A by the server terminal 150.

As mentioned above, operation S260, in which the gateway terminal 140changes the header of the received packet P2 to generate a header H3,and the gateway terminal 150 transmits the packet P2 with the header H3to the proxy server terminal 120A, is performed next in the packettransmission method 200. As shown in FIG. 3B, after receiving the packetP2, the gateway terminal 140 changes the source address field and thedestination address field in the header of the packet P2 according tothe second routing table to generate the header H3. The source addressfield in the header H3 is the IP address of the gateway terminal 140,and the destination address field therein is the IP address of the proxyserver terminal 120A. Next, the gateway terminal 140 transmits thepacket P2 with the header H3 to the proxy server terminal 120A.

As mentioned above, operation S270, in which the proxy server terminal120A changes the header H3 of the received packet P2 to generate aheader H4, and transmits the packet P2 with the header H4 to the userterminal 110A, is performed next in the packet transmission method 200.In an embodiment, after receiving the packet P2, the proxy serverterminal 120A changes the source address field and the destinationaddress field in the header H3 of the packet P2 according to the firstrouting table to generate the header H4. The source address field in theheader H4 is the IP address of the proxy server terminal 120A, and thedestination address field therein is the IP address of the user terminal110A. Next, the proxy server terminal 120A transmits the packet P2 withthe header H4 to the user terminal 110A.

Reference is made to FIG. 4 . FIG. 4 illustrates a flowchart ofoperations of the proxy server under an attack according to someembodiments of the present disclosure. In an embodiment, when the proxyserver terminal 120 is under a distributed denial-of-service attack(DDoS attack), it may cause the proxy server 120 to be disconnected, thenetwork to be abnormally slow, or the like. As shown in FIG. 4 , whenthe proxy server terminal 120 is under a DDos attack, operation S410, inwhich the proxy server terminal 120A notifies the user terminal 110A ofperforming a packet transfer and transmits the first routing table to aproxy server 120B, is first executed.

As mentioned above, reference is made to FIG. 5 . FIG. 5 illustrates aschematic diagram of an operation of transmitting a packet when anattack occurs according to some embodiments of the present disclosure.As shown in FIG. 5 , when a DDoS attack event A occurs on the proxyserver terminal 120A, the proxy server terminal 120A sends anotification signal NS to the user terminal 110A, and transmits thefirst routing table RT1 to the proxy server terminal 120B. It is worthnoting that the notification signal NS is configured to not only notifythe user terminal 110A that the attack event A occurs, but also notifythe user terminal 110A that the connection thereof is transferred to theproxy server terminal 120B. It is worth noting that when the proxyserver terminal 120A is under the attack, it is the proxy serverterminal 120A that determines to transfer the connection to otherdefault proxy server terminals.

As mentioned above, in another embodiment, when the proxy serverterminal is attacked, the administrator can also transfer the connectionto other proxy server terminal through a control interface. In yetanother embodiment, when the proxy server terminal is under an attack,the proxy server terminal 120A can automatically search for other proxyserver terminals to which the connection can be transferred (e.g., theproxy server terminal 120B or the proxy server terminal 120C), and it isnot limited to a specific proxy server terminal.

As mentioned above, in an embodiment, after detecting the DDoS attackevent, the proxy server 120A can use a portable operating systeminterface (POSIX) signal to inform the user terminal 110A that the theconnection is transferred. It is worth noting that other methods canalso be used to notify the user terminal 110A of transferring theconnection, and the present disclosure is not limited thereto.

Next, operation S420, in which the user terminal 110A transmits theinitial packet SYN to the proxy server terminal 120B, and the proxyserver terminal 120B transmits the initial packet SYN to the gatewayterminal 140, is performed. In an embodiment, since the user terminal110A, the proxy server terminal 120B, and the gateway terminal terminal140 have not established the connection therebetween before, thethree-way handshake is required after the connection is transferred tothe proxy server terminal 120B. It is worth noting that the userterminal 110A and the server terminal 150 do not know that the presentconnection has been transferred. Accordingly, the router is not allowedto transmit the packet until the three-way handshake between the userterminal 110A, the proxy server terminal 120B, and the gateway terminal140 is performed.

In an embodiment, the header of the initial packet SYN includes thesource address field, the destination address field, and the flag field.The source address field in the header of the initial packet SYNtransmitted by the user terminal 110A is the IP address of the userterminal 110A, the destination address field therein is the IP addressof the proxy server terminal 120B, and the flag field therein is“Synchronize” (S). Next, the proxy server terminal 120B changes theheader of the initial packet SYN according to the received first routingtable RT1 and sends it to the gateway terminal 140. The source addressfield in the changed header is the IP address of the proxy serverterminal 120B, the destination address field therein is the IP addressof the gateway terminal 140, and the flag field therein is “S”.

Next, operation S430, in which the gateway terminal 140 transmits aresponse packet ACK in response to the initial packet SYN to the proxyserver terminal 120B, and the proxy server terminal 120B transmits theresponse packet ACK to the user terminal 110A, is performed. In anembodiment, after receiving the initial packet SYN, the gateway terminal140 needs to return the response packet ACK, and the header of theresponse packet ACK includes the source address field, the destinationaddress field, and the flag field. The source address field in theheader of the response packet ACK sent by the gateway terminal 140 isthe IP address of the gateway terminal 140, the destination addressfield therein is the IP address of the proxy server terminal 120B, andthe flag field therein is “Acknowledge” (A).

As mentioned above, the proxy server terminal 120B changes the header ofthe response packet ACK according to the received first routing tableRT1 and sends it to the user terminal 110A. The source address field inthe changed header is the IP address of the proxy server terminal 120B,the destination address field therein is the IP address of the userterminal 110A, and the flag field therein is “A”. In this way, when theuser terminal 110A receives the response packet ACK, it indicates thatthe three-way handshake between the user terminal 110A, the proxy serverterminal 120B, and the gateway terminal 140 has been completed, and datacan be transmitted between the user terminal 110A, the proxy serverterminal 120B, the gateway terminal 140, and the server terminal 150.

As mentioned above, the data transmission method between the userterminal 110A, the proxy server terminal 120B, the gateway terminal 140,and the server terminal 150 is the same as operations S210-S270, and thefurther description is not given herein. In this way, packets can becontinuously transmitted between the user terminal 110A and the serverterminal 150 through the proxy server terminal 120B. Therefore, even ifthe proxy server 120A suffers from the malicious attack, the connectionis not interrupted to affect the user experience quality.

In another embodiment, there might be a malicious user among the userswho carries out the DDoS attack on the proxy server terminal 120 tocause the disconnection or abnormally-slow network. Therefore, if theproxy server terminal 120 determines that there is a malicious user, ithas to actively disconnect the malicious user to prevent the bandwidthof the proxy server terminal 120 from being completely occupied.

Reference is made to FIG. 6 . FIG. 6 illustrates a flowchart ofoperations of the proxy server under an attack according to someembodiments of the present disclosure. As shown in FIG. 6 , when theproxy server terminal 120A is under a DDoS attack, operation S610, inwhich the proxy server terminal 120A notifies the user terminal 110A andthe user terminal 1106 of performing the packet transfer, transmits apart of the first routing table RT1 to the proxy server terminal 120B,and transmits another part of the first routing table RT1 to the proxyserver terminal 120C, is executed first.

Reference is made to FIG. 7A. FIG. 7A is a schematic diagram of anoperation of transmitting a packet when an attack occurs according tosome embodiments of the present disclosure. As shown in FIG. 7A, when aDDoS attack event A1 occurs on the proxy server terminal 120A, the proxyserver terminal 120A transmits a notification signal NS1 to the userterminal 110A, and transmits a notification signal NS2 to the userterminal 1106. Next, a part of the first routing table RT11 is sent tothe proxy server terminal 120B, and another part of the first routingtable RT12 is sent to the proxy server terminal 120C. It is worth notingthat the notification signals NS1 and NS2 not only notify the userterminal 110A of the attack event A1, but also respectively notify theuser terminal 110A and the user terminal 1106 that the connection istransferred to the proxy server terminal 120B and the proxy serverterminal 120C.

Operation S620, in which the connection between the user terminal 110Aand the proxy server terminal 120B is established according to said partof the first routing table RT11, and the connection between the userterminal 1106 and the proxy server terminal 120C is establishedaccording to said another part of the first routing table RT12, isperformed. In an embodiment, since the user terminal 110A, the proxyserver terminal 120B, and the gateway terminal 140 have not establishedthe connection therebetween before and the user terminal 1106, the proxyserver 120C, and the gateway terminal 140 have not established theconnection therebetween before, the three-way handshake is requiredafter the connection is transferred to the proxy server terminal 120Band the proxy server terminal 120C. The method of three way handshake isdescribed as operations S410-S430, and the further description is notprovided herein.

Next, operation S630, in which if the proxy server terminal 120C isunder an attack, the proxy server terminal 120C determines the userterminal 110B as the malicious user, and the proxy server 120C blocksthe connection with the user terminal 110B, is performed. Reference ismade to FIG. 7B. FIG. 7B illustrates a schematic diagram of an operationof transmitting a packet when an attack occurs according to someembodiments of the present disclosure. As shown in FIG. 7B, if a DDoSattack event A2 still occurs on the proxy server terminal 120C, it candetermine the user terminal 110B as the malicious user at this time, andthe proxy server terminal 120C can interrupt the connection with theuser terminal 110B. In this way, even if the proxy server 120 isattacked by the user terminal, which is a malicious user, it does notaffect the quality of the connections between other user terminals 110and the server 150.

Reference is made to FIG. 8 . FIG. 8 illustrates a flowchart ofoperations of the proxy server under an attack according to someembodiments of the the present disclosure. As shown in FIG. 8 , when thegateway terminal 140A is under a DDoS attack, operation S810, in whichthe gateway terminal 140A transmits a notification signal NS3 to theproxy server terminal 120A, and the proxy server terminal 120A isconfigured to transmit the initial packet SYN to another gatewayterminal 140B according to the notification signal NS3, is executedfirst.

Reference is made to FIG. 9 . FIG. 9 illustrates a schematic diagram ofan operation of transmitting a packet when an attack occurs according tosome embodiments of the present disclosure. As shown in FIG. 9 , when aDDoS attack event A3 occurs on the gateway terminal 140A, the gatewayterminal 140A sends a notification signal NS3 to the proxy serverterminal 120A. It is worth noting that the notification signal NS3 isconfigured to not only notify the proxy server terminal 120A of theattack event A3, but also notify the proxy server terminal 120A that theconnection is transferred to the gateway terminal 140B.

As mentioned above, the header of the initial packet SYN includes thesource address field, the destination address field, and the flag field.The source address field in the header of the initial packet SYNtransmitted by the proxy server terminal 120A is the IP address of theproxy server terminal 120A, the destination address field therein is theIP address of the gateway terminal 140B, and the flag field therein is“S”.

Next, operation S820, in which another gateway terminal 140B transmitsthe response packet ACK in response to the initial packet SYN to theproxy server terminal 120A, is executed. In an embodiment, afterreceiving the initial packet SYN, the gateway terminal 140B needs toreturn the response packet ACK, and the header of the response packetACK includes the source address field, the destination address field,and the flag field. The source address field in the header of theresponse packet ACK sent by the gateway terminal 140B is the IP addressof the gateway terminal 140B, the destination address field therein isthe IP address of the proxy server terminal 120A and the flag fieldtherein is “A”.

As mentioned above, the connection is transferred from the gatewayterminal 140A to the gateway terminal 140B, so that even if the gatewayterminal 140A is under an attack, it does not affect the quality of theconnection between the user terminal 110 and the server terminal 150. Itis worth noting that the gateway terminal 140A and the gateway terminal140B in FIG. 9 are only exemplary illustrations, the gateway terminal140A and the gateway terminal 140B may be implemented by different portson the same gateway. Therefore, the IP addresses of the two gatewayterminals 140A and 140B are also different, and the present disclosureis not limited thereto.

It can be seen from the aforementioned embodiments of the presentdisclosure that, it mainly improves the problems caused by the use ofvirtual machines to transfer packets in the past. When the packets aretransmitted from the user terminal to the server terminal, the proxyserver terminal and gateway terminal are used to transfer the packetsbetween the user terminal and the server terminal, so as to achievereal-time transfer without causing network interruption. Furthermore,when the proxy server is under a malicious attack, the connection canalso be quickly redirected to another proxy server, and there is no needto re-establish the connection between the user terminal and the serverterminal, so as to achieve the effect of enhancing the user networkexperience.

In addition, the above illustrations comprise sequential demonstrationoperations, but the operations need not be performed in the order shown.The execution of the operations in a different order is within the scopeof this disclosure. In the spirit and scope of the embodiments of thepresent disclosure, the operations may be increased, substituted,changed and/or omitted as the case may be.

Although the present disclosure has been described in considerabledetail with reference to certain embodiments thereof, other embodimentsare possible. Therefore, the spirit and scope of the appended claimsshould not be limited to the description of the embodiments containedherein. It will be apparent to those skilled in the art that variousmodifications and variations can be made to the structure of the presentdisclosure without departing from the scope or spirit of the presentdisclosure. In view of the foregoing, it is intended that the presentdisclosure cover modifications and variations of the present disclosureprovided they fall within the scope of the following claims.

What is claimed is:
 1. A packet transmission method for transmitting a first packet from a first user terminal to a server terminal, the packet transmission method comprising: transmitting the first packet to a first proxy server terminal by the first user terminal; changing a header of the received first packet to generate a first header, and transmitting the first packet with the first header to a gateway terminal by the first proxy server terminal; and changing the first header of the received first packet to generate a second header, and transmitting the first packet with the second header to the server terminal by the gateway terminal, wherein the header of the first packet comprises a source address field and a destination address field, wherein when the gateway terminal is under an attack, transmitting a notification signal to the first proxy server terminal by the gateway terminal, wherein the first proxy server terminal is configured to transmit an initial packet to another gateway terminal according to the notification signal; and transmitting a response packet in response to the initial packet to the first proxy server terminal by the another gateway terminal, and wherein the first proxy server terminal is configured to establish a first routing table, wherein the first routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal, and when the first proxy server terminal is under an attack, notifying the first user terminal of performing a packet transfer and transmitting the first routing table to a second proxy server terminal by the first proxy server terminal; transmitting an initial packet to the second proxy server terminal by the first user terminal, and transmitting the initial packet to the gateway terminal by the second proxy server terminal; and transmitting a response packet in response to the initial packet to the second proxy server terminal by the gateway terminal, and transmitting the response packet to the first user terminal by the second proxy server terminal.
 2. The packet transmission method of claim 1, wherein the source address field in the first header comprises an Internet Protocol (IP) address of the first proxy server terminal, and the destination address field in the first header comprises an IP address of the gateway terminal.
 3. The packet transmission method of claim 1, wherein the source address field in the second header comprises an IP address of the user terminal, and the destination address field in the second header comprises an IP address of the server terminal.
 4. The packet transmission method of claim 1, wherein the gateway terminal is configured to establish a second routing table, wherein the second routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal.
 5. The packet transmission method of claim 1, further comprising: transmitting a second packet to the gateway terminal by the server terminal; changing the header of the received second packet to generate a third header, and transmitting the second packet with the third header to the first proxy server terminal by the gateway terminal; and changing the third header of the received second packet to generate a fourth header, and transmitting the second packet with the fourth header to the first user terminal by the first proxy server terminal.
 6. A packet transmission system, comprising: a first user terminal configured to transmit a first packet; a first proxy server terminal in communication with the first user terminal, configured to receive the first packet, change a header of the received first packet to generate a first header, and transmit the first packet with the first header; a gateway terminal in communication with the first proxy server terminal, configured to receive the first packet with the first header, change the first header of the received first packet to generate a second header, and transmit the first packet with the second header; and a server terminal in communication with the gateway terminal, configured to receive the first packet with the second header, wherein the header of the first packet comprises a source address field and a destination address field, wherein when the gateway terminal is under an attack, the gateway terminal is configured to transmit a notification signal to the first proxy server terminal, and the first proxy server terminal is configured to transmit an initial packet to another gateway terminal according to the notification signal; and the another gateway terminal is configured to transmit a response packet in response to the initial packet to the first proxy server terminal, wherein the first proxy server terminal is configured to establish a first routing table, wherein the first routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal, and when the first proxy server terminal is under an attack, the first proxy server terminal is configured to notify the first user terminal of performing a packet transfer and transmit the first routing table to a second proxy server terminal; the first user terminal is configured to transmit an initial packet to the second proxy server terminal, and the second proxy server terminal is configured to transmit the initial packet to the gateway terminal; and the gateway terminal is configured to transmit a response packet in response to the initial packet to the second proxy server terminal, and the second proxy server terminal is configured to transmit the response packet to the first user terminal.
 7. The packet transmission system of claim 6, wherein the source address field in the first header comprises an IP address of the first proxy server terminal, and the destination address field in the first header comprises the IP address of the gateway terminal.
 8. The packet transmission system of claim 6, wherein the source address field in the second header comprises an IP address of the first user terminal, and the destination address field in the second header comprises an IP address of the server terminal.
 9. The packet transmission system of claim 6, wherein the gateway terminal is configured to establish a second routing table, wherein the second routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal.
 10. The packet transmission system of claim 6, wherein the server terminal is further configured to transmit a second packet to the gateway terminal, the gateway terminal is configured to change the header of the received second packet to generate a third header, and transmit the second packet with the third header to the first proxy server terminal; and the first proxy server terminal is further configured to change the third header of the received second packet to generate a fourth header, and transmit the second packet with the fourth header to the first user terminal.
 11. A packet transmission method for transmitting a first packet from a first user terminal to a server terminal, the packet transmission method comprising: transmitting the first packet to a first proxy server terminal by the first user terminal; changing a header of the received first packet to generate a first header, and transmitting the first packet with the first header to a gateway terminal by the first proxy server terminal; and changing the first header of the received first packet to generate a second header, and transmitting the first packet with the second header to the server terminal by the gateway terminal, wherein the header of the first packet comprises a source address field and a destination address field, wherein when the gateway terminal is under an attack, transmitting a notification signal to the first proxy server terminal by the gateway terminal, wherein the first proxy server terminal is configured to transmit an initial packet to another gateway terminal according to the notification signal; and transmitting a response packet in response to the initial packet to the first proxy server terminal by the another gateway terminal, and wherein the first proxy server terminal is configured to establish a first routing table, wherein the first routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal, and when the first proxy server terminal is under an attack, notifying the first user terminal and a second user terminal of performing a packet transfer, and transmitting a part of the first routing table to a second proxy server terminal and another part of the first routing table to a third proxy server terminal by the first proxy server terminal; establishing a connection between the first user terminal and the second proxy server terminal according to the part of the first routing table, and establishing a connection between the second user terminal and the third proxy server terminal according to the another part of the first routing table; and if the third proxy server terminal is under an attack, determining the second user terminal as a malicious user terminal by the third proxy server terminal, and blocking a connection with the second user terminal by the third proxy server terminal.
 12. A packet transmission system, comprising: a first user terminal configured to transmit a first packet; a first proxy server terminal in communication with the first user terminal, configured to receive the first packet, change a header of the received first packet to generate a first header, and transmit the first packet with the first header; a gateway terminal in communication with the first proxy server terminal, configured to receive the first packet with the first header, change the first header of the received first packet to generate a second header, and transmit the first packet with the second header; and a server terminal in communication with the gateway terminal, configured to receive the first packet with the second header, wherein the header of the first packet comprises a source address field and a destination address field, wherein when the gateway terminal is under an attack, the gateway terminal is configured to transmit a notification signal to the first proxy server terminal, and the first proxy server terminal is configured to transmit an initial packet to another gateway terminal according to the notification signal; and the another gateway terminal is configured to transmit a response packet in response to the initial packet to the first proxy server terminal, wherein the first proxy server terminal is configured to establish a first routing table, wherein the first routing table comprises an IP address of the first user terminal and an IP address of the first proxy server terminal, and when the first proxy server terminal is under an attack, the first proxy server terminal is configured to notify the first user terminal and a second user terminal of performing a packet transfer, transmit a part of the first routing table to a second proxy server terminal, and transmit another part of the first routing table to a third proxy server terminal; the second proxy server terminal is configured to establish a connection with the first user terminal according to the part of the first routing table, and the third proxy server terminal is configured to establish a connection with the second user terminal according to the another part of the first routing table; and if the third proxy server terminal is under an attack, the third proxy server terminal is configured to determine the second user terminal as a malicious user, and the third proxy server terminal blocks a connection with the second user terminal. 